VMware Horizon Community
EyKeule
Enthusiast
Enthusiast

Access Point - All connections refused

Hey,

I've a hard fight with the new EUC Access Point.

I have imported the appliance to my vSphere 5.5 environment in various ways and configurations (single NIC, 3 NIC, with and w/o Horizon config) already and followed all steps outlined in the admin guide. Unfortunately I always get the same result. The appliance is booting fine, but refusing every network connection (https & ssh). When I logon to the console I can see the gateway user is running 3 processes called java, of which one consumes 100% CPU (it's actually 200% b/c 2 CPUs). From the appliance I can ping all backend systems and DNS resolution works.

Unfortunately I also did not manage to make the appliance send any message to my Solarwinds Kiwi Syslog server. So I'm flying blind right now.

What am I missing?

Anyone seen this before?

Is there a video or step by step guide I could follow to make sure I'm not doing anything stupid?

Thanks.

13 Replies
cstalhood3
Enthusiast
Enthusiast

I also fought with the appliance and eventually figured out how to configure it. There are some problems with the documentation so I wrote my own procedure at VMware Access Point | Carl Stalhood

Reply
0 Kudos
EyKeule
Enthusiast
Enthusiast

Thanks for your response. I followed your script, but I get the same result. I even used another vSphere system (6.0) attached to another network, in order to check if that is causing some issues.

Box comes up, I can login, with "top" I see that the java process is running at 100% and for all connection attempts I get "connection refused". I'm downloading anew copy of the appliance now. Maybe I got a bad copy...

Reply
0 Kudos
EyKeule
Enthusiast
Enthusiast

I give up...

Reply
0 Kudos
jedcrossley
Contributor
Contributor

@cstalhood3

I found your Blog and APPRECIATE you documenting this. Has helped me a ton.

I am at the point I need to install a Wild Card Cert on the Access Point. I have one .pfx file and I went though and ran these commands that were shown in VMware's documentation.

openssl pkcs12 -in sslservercerts.p12 -nokeys -out sslservercerts.pem

openssl pkcs12 -in sslservercerts.p12 -nodes -nocerts -out sslservercertskey.pem

I did both commands on the same file and now have two PEM files. I am lost on whether I was supposed to do this or not.

And I am not a scripter, and got lost on how to push those files to the AP. I am trying to use Postman, as shown in your documentation, but I am getting stuck. Is there an easier way of doing this?

Reply
0 Kudos
cstalhood3
Enthusiast
Enthusiast

Two files is fine. One is the private key. One is the cert. You need both for the JSON object.

If you have Linux or Mac, you can use the Awk command detailed at Documentation for VMware Horizon 6 version 6.2

For Windows, I used Notepad++ to convert the newlines to \n characters.

Convert both files to single lines and then copy them to your JSON object in Postman.

Reply
0 Kudos
cstalhood3
Enthusiast
Enthusiast

I expanded the instructions at VMware Access Point | Carl Stalhood.

Feel free to leave comments at that post.

awingenbach
Contributor
Contributor

Any chance anyone got this sorted out?  I am experiencing the same problem as @EyKeule notes despite having tried multiple times and following every set of instructions we can find. It does not have anything to do with the certificates; I can't even connect to the REST API to get through the certificate setup process.

In short, what we get when going to either https://10.1.1.10:9443/rest/swagger.yaml or https://10.1.1.10:9443/rest/v1/config/edgeservice/VIEW is Connection Refused.  This is using Chrome on a Windows 7 host on the same /24 subnet as the virtual appliance with the Windows firewall turned off.  (10.1.1.10 is the IP of the EUC Access Point virtual appliance).

Reply
0 Kudos
awingenbach
Contributor
Contributor

Solved it!

Apparently the admin password MUST have at least one each of a letter, number and symbol or the REST API fails on startup.  Finally figured this out after hours of frustration, using the document linked below to reset the admin password through the access point console and reading the admin.log file line by line.  This could have been easily avoided with a simple passwrd requirement line in the documentation - just say'n.

EyKeule‌ and cstalhood‌ thanks for pointing me in (kind of) the right direction.

https://pubs.vmware.com/horizon-62-view/topic/com.vmware.ICbase/PDF/access-point-20-deploy-config-gu...

sikksakk
Contributor
Contributor

I also had this problem, I deployed the appliance on a vSphere 6.0u1 with the good 'ol .net client, tried to change to a different password -still no go.

but when i looked in the firstboot.properties file, i could see a 0x203 after the "=" and before the thumbprint on the viewDestionationURLThumbprints line.

Removed it and restarted the service, and boom it worked! Smiley Happy

Dont know if it was the copy/paste from the certificate properties box, or if there is a bug in the .net client..

anyway, look out for it - fragile little appliance this one! Smiley Happy

/Chris.

Reply
0 Kudos
mdent13
Contributor
Contributor

I've been working on getting this deployed into a lab setting for a while now, and Chris your post got me straight!  I think I've tried every which way to get this appliance deployed.  No matter if I used the vSphere Client or the Web Client, I got the same result.


Thanks!

--Mike

Reply
0 Kudos
Perttu
Enthusiast
Enthusiast

Hi

Just to confirm that a password created without any special characters i.e. symbols was also the issue here. Thank you all and especially awingenbach‌. This is a truly a validation error from VMware and I hope it will get fixed in future releases. I so wondered why the Access Points eats all the CPU while being just a simple Linux Appliance without any load yet.

Reply
0 Kudos
NicolasTheuil
Contributor
Contributor

Your password must contain a least one special char, vCenter let you to deploy de OVF without but the appliance wont work and the cpu reach 100%.

http://www.techezone.com/question/access-point-all-connections-refused/

Reply
0 Kudos
josejjcv
Contributor
Contributor

I am novice to linux. Can you provide the command to get to that directory and edit file? I did an 'ls' after logging in as root and see 'bash.history', '.exrc', '.gnupg', '.kbd', and 'inst-sys'.

Reply
0 Kudos